251 matches found
WordPress plugin ACF Onyx Poll 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress ACF Onyx Poll plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-25375 · WordPress · Acf Onyx Poll
Name of the Vulnerable Software and Affected Versions: ACF Onyx Poll plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with...
CVE-2025-30930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...
CVE-2025-30930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...
CVE-2025-30930 WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...
CVE-2025-30930 WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...
CVE-2025-30930
CVE-2025-30930 is a stored XSS in Unreal Themes ACF: Yandex Maps Field. Affected: ACF: Yandex Maps Field versions from n/a up to 1.1. CVSS 3.1 base score 5.9 (Network, Low confidentiality/integrity/availability impact; user interaction required). Exploitation details and a remediated version are ...
CVE-2024-23518
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...
CVE-2024-3071
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2023-3957
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2023-1196
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
CVE-2021-24909
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...
CVE-2015-9479
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php...
CVE-2019-14682
The acf-better-search aka ACF: Better Search plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbsadminpage CSRF...
CVE-2025-39382
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in danielpataki ACF: Google Font Selector acf-google-font-selector-field allows Reflected XSS.This issue affects ACF: Google Font Selector: from n/a through = 3.0.1...
CVE-2025-39382
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in danielpataki ACF: Google Font Selector acf-google-font-selector-field allows Reflected XSS.This issue affects ACF: Google Font Selector: from n/a through = 3.0.1...
CVE-2025-39382
CVE-2025-39382 refers to a Reflected XSS in WordPress plugin ACF: Google Font Selector (versions up to 3.0.1). The vulnerability arises from improper input neutralization during web page generation, enabling potential inline script execution in the context of the affected page. The CVSS v3.1 base...
PT-2025-17747 · Unknown · Acf: Google Font Selector
Name of the Vulnerable Software and Affected Versions: ACF: Google Font Selector versions 3.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting XSS. This can be exploited through the ACF:...
CVE-2025-31832
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through = 1.17.0...
CVE-2025-31832
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through = 1.17.0...